Compliance & process intelligence

Know what a regulator would find — before they do.

On demand, Signum reads an incident — or your whole quarter — against the regulations, your own ITIL/ITSM process and policy, and good practice, and shows exactly where to improve. Grounded in the same sealed evidence your team already captured. Regulator-ready, on a button.

The reports

Five reports, one button.

Each is a draft for human sign-off — grounded in captured data, cited to the source event, and categorised so findings are triageable and defensible.

01 · ITSM process analysis Business
Your enacted incident process, reconstructed from the captured timeline and assessed against ITIL and your designed process — SLA/OLA adherence, classification, escalation, approvals, evidence capture and RACI. The foundation every other report builds on.
02 · Regulatory gap analysis Business
How the incident was handled against the regimes in scope — FCA · DORA · MiCA · MAS · ADGM and more — with a notification-trigger checklist (DORA major-incident, MAS 1-hour, FCA SUP 15.3) and a prioritised remediation backlog.
03 · Policy conformance & document gap Enterprise
Did the handling follow your documented process — and where are the gaps in the policy documents themselves, against regulation and good practice? Reads your own policy / process / work-instruction corpus.
04 · To-be process & implementation guide Enterprise
On explicit request, a redesigned incident-management process mapped to your ITSM tool, with a RACI, implementation steps, KPIs and traceability from each change to the gap it closes. A draft for humans to review and apply — never auto-applied.
05 · Improvement / automation blueprint Business
Automations achievable in your own ITSM tool's primitives (FreshService Workflow Automator, ServiceNow Flow Designer, and the like), each mapped to an identified gap — proposals for your team under change control, never executed by Signum.
Run-order

They build on one another.

A report unlocks only once its prerequisites exist for the incident, so the analysis is always grounded — never a regulatory verdict without the process picture behind it.

ITSM process analysis regulatory gap · policy conformance to-be process + automation blueprint

Categorisation

Two axes, every finding.

Obligation
Regulatory · Mandatory · Advisory — what kind of duty the finding represents.
Priority
P0-Critical/Notification · Must · Should · Could — how urgently it must be addressed.
console.signum.uno / incidents / INC-1001 / reports
The compliance suite in the console: the five reports in run-order, gap analyses up to date, and a dependent report locked until its prerequisite is run.
Scope

One incident, or the portfolio

Run a report on a single incident or a selection — the aggregate reuses each incident's cached report and synthesises one roll-up, every finding traceable to its incident and regulation.

Grounded

Cited, never invented

Every regulatory claim cites the source event and names the regulation; an uncertain article is flagged verify, never fabricated.

Drafts

Decisions stay human

Outputs are drafts your compliance owner signs off. Prescriptive redesigns are gated on explicit human request and are never applied to your ITSM.

Read against

FCA · SYSC · SS1/23EU DORAEU MiCAMAS · TRMADGM FSRAAUSTRAC · APRA CPS 230ISO/IEC 27001SOC 2NIST CSFUK & EU GDPR

Want to see the depth? Read an illustrative sample report → — a full gap analysis on an anonymised incident, or get a free teardown of one of your own →

See it against your own incidents.

We will run a live report on an anonymised incident from a stack like yours.

Request a demo